Medium severity6.3NVD Advisory· Published Dec 28, 2025· Updated Apr 29, 2026
CVE-2025-15139
CVE-2025-15139
Description
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
3cpe:2.3:o:trendnet:tew-822dre_firmware:1.00b21:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:trendnet:tew-822dre_firmware:1.00b21:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-822dre_firmware:1.01b06:*:*:*:*:*:*:*
- (no CPE)range: = 1.00B21 / 1.01B06
Patches
Vulnerability mechanics
References
4- pentagonal-time-3a7.notion.site/TRENDnet-TEW-822DRE-Command-Injection-2c9e5dd4c5a580f190e9c411ad627e9anvdExploitThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.